Colorado lawmakers are moving to enact what is billed as one of nation’s toughest student privacy laws at a time when unscrupulous data collectors can identify youths by their keystrokes in typing class and sell their information.

[…]

The House on Thursday unanimously backed a bill that defines at what point data accumulated by in-class programs can identify students. The legislation from Reps. Paul Lundeen and Alec Garnett requires companies to destroy, not just delete, that information, unless authorized by contract to keep it. Deleted data can be traced and retrieved, the lawmakers say.

Not surprisingly, perhaps, the Software Information Industry Association is urging lawmakers not to enact such strong legislation and to do what other states have done:

Existing laws, contracts and a privacy pledge adopted by the trade group’s members ensures data privacy, said Brendan Desetti, director of education policy. The Federal Trade Commission can enforce the pledge, he said.

Oh, puhleese – like the short-on-resources FTC is really going to enforce student data protection laws if companies violate any pledges? Yes, the FTC would have authority to do so, but would they? Better to have strong state laws that states enforce, I think.